Link to the original lesson for the goal

webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content12a.adoc

@@ -2,10 +2,12 @@
 
 You need to do both use parametrized queries and validate the input received from the user. On StackOverflow you will
 see alot of answers stating that input validation is enough. *However* it only takes you so far before you know it
-the validation is broken and you have an SQL injection in your application.
+the validation is broken, and you have an SQL injection in your application.
 
 A nice read why it is not enough can be found https://twitter.com/marcan42/status/1238004834806067200?s=21
 
 Let's repeat one of the previous assignments, the developer fixed the possible SQL injection with filtering, can you
 spot the weakness in this approach?
 
+Read about the lesson goal link:start.mvc#lesson/SqlInjectionAdvanced.lesson/2[here].
+

webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content12b.adoc

@@ -3,5 +3,6 @@
 So the last attempt to validate if the query did not contain any spaces failed, the development team went further
 into the direction of only performing input validation, can you find out where it went wrong this time?
 
+Read about the lesson goal link:start.mvc#lesson/SqlInjectionAdvanced.lesson/2[here].